Lucene search
K

1934 matches found

CVE
CVE
added 2026/01/16 12:0 a.m.21 views

CVE-2025-61873

Summary: CVE-2025-61873 affects Best Practical Request Tracker (RT). The connected Debian advisory confirms the issue is a CSV injection vulnerability in RT exports to TSV from search results, caused by ticket values containing certain characters and exported in TSV, enabling injection. Debian li...

2.6CVSS6.6AI score0.00193EPSS
Exploits0References1
OSV
OSV
added 2026/01/13 4:42 p.m.5 views

GO-2026-4303 Mattermost Server is vulnerable CSV Injection in github.com/mattermost/mattermost-server

Mattermost Server is vulnerable CSV Injection in github.com/mattermost/mattermost-server...

9.8CVSS7.1AI score0.01285EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 12:41 p.m.9 views

CVE-2023-25348

ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file...

7.8CVSS8.5AI score0.00437EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:32 p.m.8 views

CVE-2023-31294

CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6 718, allows remote attackers to obtain sensitive information via the Delivery Name field...

7.5CVSS6.9AI score0.00579EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:29 a.m.7 views

CVE-2021-27839

A CSV injection vulnerability found in Online Invoicing System OIS 4.3 and below can be exploited by users to perform malicious actions such as redirecting admins to unknown or harmful websites, or disclosing other clients' details that the user did not have access to...

5.8CVSS7.1AI score0.00724EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:13 a.m.12 views

CVE-2016-10762

The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV injection when the export tool is used...

7.5CVSS7.3AI score0.01798EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:54 a.m.8 views

CVE-2022-23868

RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx log file...

7.8CVSS7.2AI score0.00704EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:50 a.m.5 views

CVE-2022-37786

An issue was discovered in WeCube Platform 3.2.2. There are multiple CSV injection issues: the Home / Admin / Resources page, the Home / Admin / System Params page, and the Home / Design / Basekey Configuration page...

6.3CVSS7.2AI score0.00549EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:45 a.m.5 views

CVE-2022-0142

The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, leading to possible code execution...

9.8CVSS7.5AI score0.0269EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:43 a.m.5 views

CVE-2022-26249

Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack...

9.8CVSS7.8AI score0.01761EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:32 a.m.6 views

CVE-2017-18900

An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows CSV injection via a compliance report...

9.8CVSS7.2AI score0.01285EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:8 a.m.17 views

CVE-2019-20184

KeePass 2.4.1 allows CSV injection in the title field of a CSV export...

7.8CVSS7.1AI score0.01633EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:56 a.m.9 views

CVE-2020-12468

Subrion CMS 4.2.1 allows CSV injection via a phrase value within a language. This is related to phrases/add/ and languages/download/...

7.8CVSS7AI score0.00858EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:21 a.m.6 views

CVE-2021-41270

Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 before 4.4.35 and versions 5.0.0 before 5.3.12 are vulnerable to CSV injection, also known as formula...

6.5CVSS7.1AI score0.01355EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:11 a.m.14 views

CVE-2022-35281

IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are vulnerable to CSV injection. IBM X-Force ID: 2306335...

8.8CVSS6.7AI score0.00505EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:54 a.m.6 views

CVE-2021-41128

Hygeia is an application for collecting and processing personal and case data in connection with communicable diseases. In affected versions all CSV Exports Statistics & BAG MED contain a CSV Injection Vulnerability. Users of the system are able to submit formula as exported fields which then get...

9.1CVSS7.2AI score0.01257EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:31 a.m.8 views

CVE-2019-16120

CSV injection in the event-tickets Event Tickets plugin before 4.10.7.2 for WordPress exists via the "All Post Ticketed Attendees" Export Attendees feature...

8.8CVSS7.4AI score0.03194EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:30 a.m.8 views

CVE-2019-16959

SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket...

6.5CVSS6.9AI score0.0163EPSS
Exploits1References1
NVD
NVD
added 2025/12/24 8:15 p.m.5 views

CVE-2018-25135

Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to trigger Excel macro execution when importing...

9.8CVSS0.00591EPSS
Exploits1References3
CVE
CVE
added 2025/12/24 7:27 p.m.9 views

CVE-2018-25135

CVE-2018-25135 affects Anviz AIM CrossChex Standard 4.3.6.0. The CSV injection vulnerability arises from user import fields (e.g., Name, Gender, Position) that can contain malicious formulas, triggering Excel macro execution when importing user data. Reported impact includes command execution in ...

9.8CVSS7.3AI score0.00591EPSS
Exploits1References3
Rows per page
Query Builder